1) why wasnt there a DSA about this problem ?
ups, sorry, guess i misunderstood : "The security team informs the users about _security_problems_ by posting security advisories about Debian packages on this list." (http://lists.debian.org/debian-security-announce/) nvm